当前位置:网站首页>Introduction to MySQL audit plug-in
Introduction to MySQL audit plug-in
2022-07-01 15:00:00 【InfoQ】
1. MySQL Status of community audit log
2. Audit plug-in tutorial


# see MySQL Plug in storage path
mysql> show variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
# Add the audit plug-in server_audit.so Store in this path
[[email protected] plugin]# ls -lh server_audit.so
-rw-r--r--. 1 root root 191K May 4 2021 server_audit.so
# Change the owner and permission of the plug-in
[[email protected] plugin]# chown mysql:mysql server_audit.so
[[email protected] plugin]# chmod 755 server_audit.so
[[email protected] plugin]# ls -lh server_audit.so
-rwxr-xr-x. 1 mysql mysql 191K May 4 2021 server_audit.so
# Enter the database and install the audit plug-in
mysql> INSTALL PLUGIN server_audit SONAME 'server_audit.so';
Query OK, 0 rows affected (0.07 sec)
mysql> show plugins;
+----------------------------+--------+--------------------+-----------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+--------+--------------------+-----------------+---------+
...
| SERVER_AUDIT | ACTIVE | AUDIT | server_audit.so | GPL |
+----------------------------+--------+--------------------+-----------------+---------+
# see audit Initial parameter configuration
mysql> show variables like '%audit%';
+-------------------------------+-----------------------+
| Variable_name | Value |
+-------------------------------+-----------------------+
| server_audit_events | |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_loc_info | |
| server_audit_logging | OFF |
| server_audit_mode | 1 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
+-------------------------------+-----------------------+
# Open audit online
mysql> set global server_audit_logging=on;
Query OK, 0 rows affected (0.00 sec)
mysql> set global server_audit_events='connect,table,query_ddl,query_dcl,query_dml_no_select';
Query OK, 0 rows affected (0.00 sec)
mysql> set global server_audit_file_path ='/data/mysql/logs/server_audit.log';
Query OK, 0 rows affected (0.00 sec)
mysql> set global server_audit_file_rotate_size=104857600;
Query OK, 0 rows affected (0.01 sec)
# [mysqld] Add the following configuration Make it permanent
server_audit=FORCE_PLUS_PERMANENT
server_audit_logging=ON
server_audit_file_path=/data/mysql/logs/server_audit.log
server_audit_events=connect,table,query_ddl,query_dcl,query_dml_no_select
server_audit_file_rotate_size=104857600

# After the operation Check the contents of the audit log
20220512 15:17:17,mysqlhost2,test_user,10.30.21.95,118,0,FAILED_CONNECT,,,1045
20220512 15:17:30,mysqlhost2,test_user,10.30.21.95,119,0,FAILED_CONNECT,,,1045
20220512 15:20:26,mysqlhost2,test_user,10.30.21.95,124,0,CONNECT,,,0
20220512 15:20:49,mysqlhost2,test_user,10.30.21.95,124,395,QUERY,,'create database testdb',0
20220512 15:22:06,mysqlhost2,test_user,10.30.21.95,129,419,QUERY,testdb,'CREATE TABLE if not exists `test_tb0` (\r\n `increment_id` int(11) NOT NULL AUTO_INCREMENT COMMENT \' Since the primary key \',\r\n `test_id` int(11) NOT
NULL ,\r\n `test_name` varchar(20) DEFAULT NULL,\r\n `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT \' Creation time \',\r\n `update_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE C
URRENT_TIMESTAMP COMMENT \' Modification time \',\r\n PRIMARY KEY (`increment_id`)\r\n) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT=\' test table\'',0
20220512 15:23:09,mysqlhost2,test_user,10.30.21.95,129,426,QUERY,testdb,'insert into test_tb0 (test_id,test_name) values (1001,\'4343df\'),(1002,\'dfd\')',0
20220512 15:23:22,mysqlhost2,test_user,10.30.21.95,129,433,QUERY,testdb,'delete from test_tb0',0
20220512 15:24:14,mysqlhost2,test_user,10.30.21.95,129,448,QUERY,testdb,'create table test_tb0 (id int)',1050
20220512 15:24:25,mysqlhost2,test_user,10.30.21.95,129,452,QUERY,testdb,'drop table test_tb0',0
20220512 15:25:13,mysqlhost2,test_user,10.30.21.95,126,0,DISCONNECT,testdb,,0
# Connection audit mainly audits the connection database 、 disconnect 、 Connection failure and other operations , The log format is as follows :
[timestamp],[serverhost],[username],[host],[connectionid],0,CONNECT,[database],,0
[timestamp],[serverhost],[username],[host],[connectionid],0,DISCONNECT,,,0
[timestamp],[serverhost],[username],[host],[connectionid],0,FAILED_CONNECT,,,[retcode]
# QUERY Audit various database change events , Execution failure will also be recorded , The log record format is as follows :
[timestamp],[serverhost],[username],[host],[connectionid],[queryid],QUERY,[database],[object], [retcode]
- Rich audit content : Including user connections , close ,DML operation , stored procedure , trigger , Events, etc. .
- Flexible audit strategy : You can customize audit events , For example, filter out select Inquire about , Or exclude auditing a user, etc .
- Flexible and convenient : It is free to use and easy to install , The audit function can be enabled and disabled online .
- Opening the audit will increase the performance cost of the database , And take up disk space .
- The log format is not rich enough , You cannot customize the output format .
- https://www.cnblogs.com/lijiaman/p/14257861.html
- https://www.jianshu.com/p/45b37a73e286
- https://mariadb.com/kb/en/mariadb-audit-plugin-options-and-system-variables/
边栏推荐
- It's suitable for people who don't have eloquence. The benefits of joining the China Video partner program are really delicious. One video gets 3 benefits
- [零基础学IoT Pwn] 复现Netgear WNAP320 RCE
- Generate random numbers (4-bit, 6-bit)
- The markdown editor uses basic syntax
- JVM第二话 -- JVM内存模型以及垃圾回收
- These three online PS tools should be tried
- Solid smart contract development - easy to get started
- [zero basic IOT pwn] reproduce Netgear wnap320 rce
- Solid basic structure and array, private / public function, return value and modifier of function, event
- Basic operations of SQL database
猜你喜欢
[Verilog quick start of Niuke question series] ~ use functions to realize data size conversion
After twists and turns, I finally found the method of SRC vulnerability mining [recommended collection]
OpenSSL client programming: SSL session failure caused by an insignificant function
MIT团队使用图神经网络,加速无定形聚合物电解质筛选,促进下一代锂电池技术开发
C learning notes (5) class and inheritance
leetcode:329. Longest increasing path in matrix
IDEA全局搜索快捷键(ctrl+shift+F)失效修复
Chapter 4 of getting started with MySQL: creation, modification and deletion of data tables
opencv学习笔记五--文件扫描+OCR文字识别
Filter &(登录拦截)
随机推荐
NPDP产品经理国际认证报名有什么要求?
这3款在线PS工具,得试试
Some thoughts on software testing
It's suitable for people who don't have eloquence. The benefits of joining the China Video partner program are really delicious. One video gets 3 benefits
[leetcode] 16. The sum of the nearest three numbers
TypeScript:var
Pat 1121 damn single (25 points) set
互联网医院系统源码 医院小程序源码 智慧医院源码 在线问诊系统源码
Quelle valeur le pdnp peut - il apporter aux gestionnaires de produits? Vous savez tout?
solidty-基础篇-结构体和数组,私有 / 公共函数,函数的返回值和修饰符,事件
使用net core 6 c# 的 NPOI 包,读取excel..xlsx单元格内的图片,并存储到指定服务器
Blog recommendation | in depth study of message segmentation in pulsar
JVM第二话 -- JVM内存模型以及垃圾回收
使用net core 6 c# 的 NPOI 包,讀取excel..xlsx單元格內的圖片,並存儲到指定服務器
Build MySQL master-slave server under Ubuntu 14.04
[stage life summary] I gave up the postgraduate entrance examination and participated in the work. I have successfully graduated and just received my graduation certificate yesterday
手把手带你入门 API 开发
What are the books that have greatly improved the thinking and ability of programming?
Ubuntu 14.04下搭建MySQL主从服务器
Markdown编辑器使用基本语法